Ransomware criminals have feelings too: BlackMatter abuse caused crims to shut down negotiation portal

2021-10-25 17:16

Hurling online abuse at ransomware gangs may have contributed to a hardline policy of dumping victims' data online, according to counter-ransomware company Emsisoft.

Earlier this month, the Conti ransomware gang declared it would publish victims' data and break off ransom negotiations if anyone other than "Respected journalist and researcher personalities" [sic] dared publish snippets of ransomware negotiations, amid a general hardening of attitudes among ransomware gangs.

Typically these conversation snippets make it into the public domain because curious people log into ransomware negotiation portals hosted by the criminals.

The BlackMatter gang's portal credentials became exposed to the wider world and the resulting wave of furious abuse hurled at the crims prompted them to pull up the virtual drawbridge.

Ransomware gangs use media and social media coverage as a tool to help them pressurise their victims into paying up, reserving mocking publicity and document dumps for those who refuse to bow to the extortionists' demands.

The problem is simple: if it becomes public knowledge that there is an exploitable flaw in a ransomware strain that lets victims decrypt their networks without paying a ransom, that alerts the criminals, who then fix the flaw and continue profitably targeting other victims.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/25/blackmatter_portal_emsisoft/

#criminal #ransomware